---
layout: docs
page_title: Permanently delete data
description: >-
   Permanently delete versioned key/value data in the kv v2 plugin.
---

> [!IMPORTANT]  
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.

# Destroy key/value data

The standard `vault kv delete` command performs soft deletes. Use the CLI or GUI
to permanently delete (destroy) data so Vault purges the underlying data and
sets the `destroyed` metadata field to `true`.


<Tip title="Assumptions">

- You have [set up a `kv` v2 plugin](/vault/docs/secrets/kv/kv-v2/setup). 
- Your authentication token has `create` and `update` permissions for the `kv`
  v2 plugin.

</Tip>


<Tabs>

<Tab heading="CLI" group="cli">

Use [`vault kv destroy`](/vault/docs/command/kv/destroy) with the `-versions` flag to
permanently delete one or more version of key/value data:

```shell-session
$ vault kv destroy              \
   -mount <mount_path>          \
   -versions <target_versions>  \
   <secret_path>
```

For example:

<CodeBlockConfig hideClipboard="true">

```shell-session
$ vault kv destroy -mount shared -versions 2,3 dev/square-api

Success! Data written to: shared/destroy/dev/square-api
```

</CodeBlockConfig>

The `destroyed` metadata field for versions 2 and 3 is now `true`

<CodeBlockConfig hideClipboard="true" highlight="25,32">

```shell-session
$ vault kv metadata get -mount shared dev/square-api

======== Metadata Path ========
shared/metadata/dev/square-api

========== Metadata ==========
Key                     Value
---                     -----
cas_required            false
created_time            2024-11-13T21:51:50.898782695Z
current_version         4
custom_metadata         <nil>
delete_version_after    0s
max_versions            5
oldest_version          0
updated_time            2024-11-14T22:32:42.29534643Z

...

====== Version 2 ======
Key              Value
---              -----
created_time     2024-11-13T21:52:10.326204209Z
deletion_time    n/a
destroyed        true

====== Version 3 ======
Key              Value
---              -----
created_time     2024-11-13T21:58:32.128442898Z
deletion_time    n/a
destroyed        true
```

</CodeBlockConfig>

</Tab>

<Tab heading="GUI" group="gui">

@include 'gui-instructions/plugins/kv/open-overview.mdx'

- Select the **Secret** tab.
- Select the appropriate data version from the **Version** dropdown.
- Click **Destroy**.
- Click **Confirm**.

![Partial screenshot of the Vault GUI showing the "Destroy version?" confirmation modal for data at the path dev/square-api](/img/gui/kv/destroy-version.png)

</Tab>

<Tab heading="API" group="api">

Make a `POST` call to
[`/{plugin_mount_path}/destroy/{secret_path}`](/vault/api-docs/secret/kv/kv-v2#destroy-secret-versions)
with the data versions you want to destroy:

```shell-session
$ curl                                       \
   --request POST                            \
   --header "X-Vault-Token: ${VAULT_TOKEN}"  \
   --data '{"versions":[<target_versions>]}  \
   ${VAULT_ADDR}/v1/<plugin_mount_path>/destroy/<secret_path>
```

For example:

<CodeBlockConfig hideClipboard="true">

```shell-session
$ curl                                       \
    --request POST                           \
    --header "X-Vault-Token: ${VAULT_TOKEN}" \
    --data '{"versions":[4,7]}'              \
    ${VAULT_ADDR}/v1/shared/destroy/dev/square-api | jq

```

`/{plugin_mount_path}/destroy/{secret_path}` does not return data on success.

</CodeBlockConfig>

</Tab>

</Tabs>
